BuyUCoin data breach exposes personal data of nearly 325k users

BuyUCoin data breach exposes personal data of nearly 325k users

BuyUCoin, an Indian crypto exchange, has recently fallen victim to a breach, which has led to the compromise of nearly 325,000 users’ personal data.

Sources with knowledge of the matter claim that the attack has been conducted by a hacking group called ShinyHunters. The hackers have allegedly leaked a database comprising private data such as phone numbers, tax identification numbers, names, email addresses and bank account details of over 325,000 users of BuyUCoin.

Screenshots of the exposed data were recently posted on Twitter by Rajshekhar Rajaharia, cybersecurity researcher, which included BuyUCoin referral codes and trading activity.

The exchange had initially denied claims of any data breach, dismissing the reports as rumors, and insisting that not a single user was affected. However, it has recently released a statement, wherein it has stated that each aspect of the report regarding unlawful or malicious cybercrime activities by foreign entities was being thoroughly investigated. BuyUCoin added that user funds were safe within a secure environment, with 95% being reportedly kept in cold storage.

While no funds have been reported to be affected in the recent breach, there are still several potential risks that may impact BuyUCoin users. Similar to BuyUCoin customers, the users of Ledger also experienced a compromise of their personal data in June & July 2020, as the result of a breach that affected nearly 272,853 individuals that ordered hardware wallets. Certain users have also reported receiving hostile emails, consisting of demands for crypto ransom to be paid within 24 hours.

While real-world breaches for crypto theft are considerably rarer than scams or hacks, they do occur on occasion. Various BuyUCoin users have expressed their frustrations regarding the breach reports, both in terms of data as well as physical security.

In his follow-up tweets, Rajaharia, himself a BuyUCoin user, also termed the initial response of the exchange to the breach as irresponsible.

Source Credit: